Fix the parAzFirewallCustomPublicIps' allowed list. (#790)

* Policy Baseline Exemption Logic Needs to Live in ALZ Repo

* Policy Baseline Exemption Logic Needs to Live in ALZ Repo

* Policy Baseline Exemption Logic Needs to Live in ALZ Repo

* Add mmarkdown file.

* Update markdown file.

* Update Policy Assignment Exemptions.

* Add a flag to disable or enable firewall policies deployment.

* Add a flag to disable or enable firewall policies deployment.

* Update infra-as-code/bicep/modules/policy/assignments/alzDefaults/alzDefaultPolicyAssignments.bicep

Co-authored-by: Zach Trocinski <30884663+oZakari@users.noreply.github.com>

* Update infra-as-code/bicep/modules/policy/exemptions/policyExemptions.bicep

Co-authored-by: Zach Trocinski <30884663+oZakari@users.noreply.github.com>

* Update infra-as-code/bicep/modules/policy/exemptions/policyExemptions.bicep

Co-authored-by: Zach Trocinski <30884663+oZakari@users.noreply.github.com>

* Update infra-as-code/bicep/modules/policy/exemptions/policyExemptions.bicep

Co-authored-by: Zach Trocinski <30884663+oZakari@users.noreply.github.com>

* Update infra-as-code/bicep/modules/policy/exemptions/policyExemptions.bicep

Co-authored-by: Zach Trocinski <30884663+oZakari@users.noreply.github.com>

* Update infra-as-code/bicep/modules/policy/exemptions/policyExemptions.bicep

Co-authored-by: Zach Trocinski <30884663+oZakari@users.noreply.github.com>

* Update infra-as-code/bicep/modules/policy/exemptions/policyExemptions.bicep

Co-authored-by: Zach Trocinski <30884663+oZakari@users.noreply.github.com>

* Update infra-as-code/bicep/modules/policy/exemptions/policyExemptions.bicep

Co-authored-by: Zach Trocinski <30884663+oZakari@users.noreply.github.com>

* Add Readme.

* Update the docs.

* Update docs.

* Update hubNetworking.bicep.md

* Update hubNetworking.bicep.md

* Add output for RouteTable and Network Security Group.

* Remove extra space.

* Remove extra space.

* Add policy exemption all and mini parameters json files.

* Add condition to policy exemption deployments

* Fix the parAzFirewallCustomPublicIps' allowed list.

* Update hubNetworking.bicep.md

* Update hubNetworking.bicep.md

* Update infra-as-code/bicep/modules/hubNetworking/generateddocs/hubNetworking.bicep.md

Co-authored-by: Zach Trocinski <30884663+oZakari@users.noreply.github.com>

* Update infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep

Co-authored-by: Zach Trocinski <30884663+oZakari@users.noreply.github.com>

* Update infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep

* Update hubNetworking.bicep.md

---------

Co-authored-by: Zach Trocinski <30884663+oZakari@users.noreply.github.com>

infra-as-code/bicep/modules/hubNetworking/generateddocs/hubNetworking.bicep.md

@@ -28,7 +28,7 @@ parDdosPlanName | No       | DDoS Plan Name.
 parDdosLock    | No       | Resource Lock Configuration for DDoS Plan.  - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock.  
 parAzFirewallEnabled | No       | Switch to enable/disable Azure Firewall deployment.
 parAzFirewallName | No       | Azure Firewall Name.
-parAzFirewallPoliciesEnabled | No       | Switch to enable/disable Azure Firewall Policies deployment.
+parAzFirewallPoliciesEnabled | No       | Set this to true for the initial deployment as one firewall policy is required. Set this to false in subsequent deployments if using custom policies.
 parAzFirewallPoliciesName | No       | Azure Firewall Policies Name.
 parAzFirewallTier | No       | Azure Firewall Tier associated with the Firewall to deploy.
 parAzFirewallIntelMode | No       | The Azure Firewall Threat Intelligence Mode. If not set, the default value is Alert.
@@ -257,7 +257,7 @@ Azure Firewall Name.
 
 ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
 
-Switch to enable/disable Azure Firewall Policies deployment.
+Set this to true for the initial deployment as one firewall policy is required. Set this to false in subsequent deployments if using custom policies.
 
 - Default value: `True`
 
@@ -295,14 +295,14 @@ The Azure Firewall Threat Intelligence Mode. If not set, the default value is Al
 
 Optional List of Custom Public IPs, which are assigned to firewalls ipConfigurations.
 
-- Allowed values: `1`, `2`, `3`
-
 ### parAzFirewallAvailabilityZones
 
 ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
 
 Availability Zones to deploy the Azure Firewall across. Region must support Availability Zones to use. If it does not then leave empty.
 
+- Allowed values: `1`, `2`, `3`
+
 ### parAzErGatewayAvailabilityZones
 
 ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)

infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep

@@ -160,7 +160,7 @@ param parAzFirewallEnabled bool = true
 @sys.description('Azure Firewall Name.')
 param parAzFirewallName string = '${parCompanyPrefix}-azfw-${parLocation}'
 
-@sys.description('Switch to enable/disable Azure Firewall Policies deployment.')
+@sys.description('Set this to true for the initial deployment as one firewall policy is required. Set this to false in subsequent deployments if using custom policies.')
 param parAzFirewallPoliciesEnabled bool = true
 
 @sys.description('Azure Firewall Policies Name.')
@@ -182,15 +182,14 @@ param parAzFirewallTier string = 'Standard'
 ])
 param parAzFirewallIntelMode string = 'Alert'
 
+@sys.description('Optional List of Custom Public IPs, which are assigned to firewalls ipConfigurations.')
+param parAzFirewallCustomPublicIps array = []
+
 @allowed([
   '1'
   '2'
   '3'
 ])
-
-@sys.description('Optional List of Custom Public IPs, which are assigned to firewalls ipConfigurations.')
-param parAzFirewallCustomPublicIps array = []
-
 @sys.description('Availability Zones to deploy the Azure Firewall across. Region must support Availability Zones to use. If it does not then leave empty.')
 param parAzFirewallAvailabilityZones array = []